File searching and data scanning are performed in many contexts. As internet communications proliferate and the need for digital security increases, an expanding context is malware cleaning software applications. The term ‘malware’ encompasses computer viruses and other ‘infections’, along with spyware, adware and other software having a malicious effect on the computer. Typical cleaning applications check digital objects on a computer against definition files, (e.g., virus definitions). Various objects that may become ‘infected’ or subjected to malicious software include, but are not limited to: files, directories, registry entries, Layered Service Providers (LSP's), file contents, services, running processes and modules, browser helper objects, and browser cookies.
Common processes performed in cleaning malware from a computer include: reading files from a hard disk drive; and comparing the files read against a plurality of malware definitions. To scan an entire hard disk may take an excessive amount of time. For example, a conventional 100 gigabyte hard drive having a media transfer rate of 20 megabytes per second, requires more than 1 hour just to stream the data from the disk. With added time for disks seeks and malware testing, substantially more time is required. In particular, testing all files and other digital objects for all malware definitions using a conventional scan engine takes an excessive length of time.
Accordingly, there is a need for accelerating the scanning of digital objects on a computer to test for malware definitions, and other data patterns.